Merge pull request #7993 from MicrosoftDocs/main

Publish 07/12/2022 3:30 PM PT

Author: Angela Fleischmann

memdocs/configmgr/sum/deploy-use/add-software-updates-to-an-update-group.md

@@ -2,7 +2,7 @@
 title: Add updates to an update group
 titleSuffix: Configuration Manager
 description: Manually or automatically add software updates to a software update group in your environment.
-ms.date: 04/08/2022
+ms.date: 07/12/2022
 ms.topic: conceptual
 ms.prod: configuration-manager
 ms.technology: configmgr-sum
@@ -19,7 +19,8 @@ ms.localizationpriority: medium
  Software update groups provide you with an effective method to organize software updates in your environment. You can manually add software updates to a software update group or automatically add software updates to a software update group by using an ADR. You can also deploy a software update group manually or deploy the group automatically by using an ADR. After you deploy a software update group, you can add new software updates to the group and Configuration Manager will automatically deploy them. Use the following procedures to add software updates to a new or existing software update group.  
 
 > [!TIP]
-> Starting in version 2203, you can organize software update groups and packages by using folders. This change allows for better categorization and management of software updates. For more information, see [Deploy software updates](deploy-software-updates.md#bkmk_folder).<!-- 3601129 -->
+> - Starting in version 2203, you can organize software update groups and packages by using folders. This change allows for better categorization and management of software updates. For more information, see [Deploy software updates](deploy-software-updates.md#bkmk_folder).<!-- 3601129 -->
+> - Devices running an unsupported operating systems will display as compliant since there aren't applicable updates to the operating system any longer. <!--13952160-->
 
 ## Add software updates to a new software update group  
 

memdocs/configmgr/sum/deploy-use/monitor-software-updates.md

@@ -5,7 +5,7 @@ description: The Configuration Manager console provides alerts and statuses to m
 author: mestew
 ms.author: mstewart
 manager: dougeby
-ms.date: 04/08/2022
+ms.date: 07/12/2022
 ms.topic: conceptual
 ms.prod: configuration-manager
 ms.technology: configmgr-sum
@@ -19,14 +19,10 @@ Configuration Manager provides many ways to help you to monitor software updates
 
 ## Software updates dashboard
 
-*(Introduced in version 1610)*
-
-Starting in Configuration Manager version 1610, you can use the Software Updates Dashboard to view the current compliance status of devices in your organization and quickly analyze the data to see which devices are at risk. To view the dashboard, navigate to **Monitoring** > **Overview** > **Security** > **Software Updates Dashboard**.
+You can use the Software Updates Dashboard to view the current compliance status of devices in your organization and quickly analyze the data to see which devices are at risk. To view the dashboard, navigate to **Monitoring** > **Overview** > **Security** > **Software Updates Dashboard**.
 
 ## Drill through required updates
 <!--4224414-->
-*(Introduced in version 1906)*
-
 You can drill through compliance statistics to see which devices require a specific Microsoft 365 Apps software update. To view the device list, you need permission to view updates and the collections the devices belong to. To drill down into the device list:
 
 1. Go to **Software Library** > **Software Updates** > **All Software Updates**.
@@ -77,6 +73,9 @@ After you configure the alert settings, if the specified conditions occur, Confi
 ##  <a name="BKMK_SUReports"></a> Software updates reports  
  The state messages for software updates provide information about the compliance of software updates and about the evaluation and enforcement state of software update deployments. You can run software update reports to display these state messages. There are more than 30 predefined software update reports available. They're organized in several categories and can be used to report on specific information about software updates and deployments. In addition to using the preconfigured reports, you can also create custom software update reports according to the needs of your enterprise. For more information, see [Operations and maintenance for reporting](../../core/servers/manage/operations-and-maintenance-for-reporting.md).  
 
+> [!NOTE]
+> Devices running an unsupported operating systems will display as compliant since there aren't applicable updates to the operating system any longer. <!--13952160-->
+
 ### Recommended software updates reports
 The following are some of the reports that are useful in identifying potential issues: 
 

memdocs/intune/configuration/delivery-optimization-windows.md

@@ -121,6 +121,6 @@ Delivery Optimization was previously configured as part of Software Update Rings
 
 ## Next steps
 
-After you [assign the profile](device-profile-assign.md), [monitor its status](device-profile-monitor.md) its status.
+After you [assign the profile](device-profile-assign.md), [monitor its status](device-profile-monitor.md).
 
-View the [Delivery Optimization settings](delivery-optimization-settings.md) for Intune.
+View the [Delivery Optimization settings](delivery-optimization-settings.md) for Intune.

memdocs/intune/enrollment/apple-mdm-push-certificate-get.md

@@ -8,7 +8,7 @@ keywords:
 author: Lenewsad
 ms.author: lanewsad
 manager: dougeby
-ms.date: 03/08/2018
+ms.date: 07/11/2022
 ms.topic: how-to
 ms.service: microsoft-intune
 ms.subservice: enrollment
@@ -57,36 +57,47 @@ Select **I agree.** to give Microsoft permission to send data to Apple.
 Select **Download your CSR** to download and save the request file locally. The file is used to request a trust relationship certificate from the Apple Push Certificates Portal.
 
 ### Step 3. Create an Apple MDM push certificate
-Select **Create your MDM push Certificate** to go to the Apple Push Certificates Portal. Sign in with your company email address Apple ID, and then click **Create a Certificate**. Select **Choose File** and browse to the certificate signing request file, and then choose **Upload**. On the Confirmation page, choose **Download** to the download the certificate (.pem)  file, and save the file locally.
+1. Select **Create your MDM push Certificate** to go to the Apple Push Certificates Portal. 
+2. Sign in with your organization's Apple ID. 
+3. Select **Create a Certificate**. 
+4. Read and agree to the terms and conditions. Then select **Accept**.  
+5. Select **Choose File** and then select the CSR file you downloaded in Intune.  
+6. Select **Upload**. 
+7. On the confirmation page, select **Download**.  The certificate file (.pem) downloads to your device. Save this file for later.   
 
 > [!NOTE]
-> The certificate is associated with the Apple ID used to create it. As a best practice, use a company email address for Apple ID for management tasks and make sure the mailbox is monitored by more than one person like a distribution list. Avoid using personal Apple ID.
+> The certificate is associated with the Apple ID used to create it. As a best practice, use a company email address as your Apple ID and make sure the mailbox is monitored by more than one person, such as by a distribution list. Avoid using a personal Apple ID.  
 
-> [!NOTE]
-> If you plan to federate your existing AAD Accounts with Apple for Managed Apple ID Usage, please contact Apple to have the existing APNS certificate migrated to new managed apple ID. Refer https://support.apple.com/en-in/guide/apple-school-manager/apd6603d9206/web for more info.
+#### Managed Apple ID  
+If you plan to federate your existing Azure AD accounts with Apple to use Managed Apple ID, contact Apple to have the existing APNS certificate migrated to your new Managed Apple ID. For more information, see the Apple Support [user guide for Apple School Manager](https://support.apple.com/guide/apple-school-manager/apd6603d9206/web).  
 
 ### Step 4. Enter the Apple ID used to create your Apple MDM push certificate
-Record this ID as a reminder for when you need to renew this certificate.
+Return to the admin center and enter your Apple ID as a reminder for when you need to renew the certificate.  
 
 ### Step 5. Browse to your Apple MDM push certificate to upload
-Go to the certificate (.pem) file, choose **Open**, and then choose **Upload**. With the push certificate, Intune can enroll and manage Apple devices.
+1. Select the **Folder** icon. 
+2. Select the certificate file you downloaded in the Apple portal. 
+3. Select **Upload** to finish configuring the MDM push certificate. 
 
 ## Renew Apple MDM push certificate
-The Apple MDM push certificate is valid for one year. You must renew it annually to maintain iOS/iPadOS and macOS device management. Once the certificate expires, there is a 30-day grace period to renew it.  
+The Apple MDM push certificate is valid for 365 days. You must renew it annually to maintain iOS/iPadOS and macOS device management. Once the certificate expires, there is a 30-day grace period to renew it.  
 
 Renew the MDM push certificate with the same Apple ID you used to create it.  
 
-1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Devices** > **Enroll devices** > **Apple enrollment** > **Apple MDM Push Certificate**.
-2. Choose **Download your CSR** to download and save the request file locally. The file is used to request a trust relationship certificate from the Apple Push Certificates Portal.
-3. Select **Create your MDM push Certificate** to go to the Apple Push Certificates Portal. Find the certificate you want to renew and select **Renew**.
-4. On the **Renew Push Certificate** screen, provide notes to help you identify the certificate in the future, select **Choose File** to browse to the new request file you downloaded, and choose **Upload**.
+1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+2. Select **Devices** > **Enroll devices** > **Apple enrollment** > **Apple MDM Push Certificate**.
+3. Select **Download your CSR** to download and save the request file locally. The file is used to request a trust relationship certificate from the Apple Push Certificates Portal.
+4. Select **Create your MDM push Certificate** to go to the Apple Push Certificates Portal. 
+5. Find the certificate you want to renew and select **Renew**.
+6. Select **Choose File** and select the new CSR file you downloaded.
+7. In the provided field, enter a unique note about the certificate so that you can easily identify it later.  
    > [!TIP]
-   > A certificate can be identified by its UID. Examine the **Subject ID** in the certificate details to find the GUID portion of the UID. Or, on an enrolled iOS/iPadOS device, go to **Settings** > **General** > **Device** **Management** > **Management Profile** > **More Details** > **Management Profile**. The second line item, **Topic**, contains the unique GUID that you can match up to the certificate in the Apple Push Certificates portal.
- 
-6. On the **Confirmation** screen, select **Download** and save the .pem file locally.
-7. In [Intune](https://go.microsoft.com/fwlink/?linkid=2090973), select the **Apple MDM push certificate** browse icon, select the .pem file downloaded from Apple, and choose **Upload**.
+   > Each certificate has a unique UID. To find it, look for the subject ID, which shows the GUID portion of the UID, in the certificate details. You can also find this information on the enrolled iOS/iPadOS device. Go to **Settings** > **General** > **Device Management** > **Management Profile** > **More Details** > **Management Profile**. The **Topic** value contains the unique GUID that you can match up to the certificate in the Apple Push Certificates portal.  
+8. Select **Upload**.    
+9. On the **Confirmation** screen, select **Download**.  
+10. Return to the admin center > **Configure MDM Push Certificate** page, and upload your certificate file. 
 
-Your Apple MDM push certificate appears **Active** and has 365 days until expiration.
+Renewal is complete when your Apple MDM push certificate status appears active in both the admin center and Apple portal. 
 
 ## Next steps  
 

memdocs/intune/fundamentals/scope-tags.md

@@ -55,7 +55,7 @@ The default scope tag feature is similar to the security scopes feature in Micro
 
     > [!IMPORTANT]
     > Auto scope tags assignments will overwrite mannually assigned scope tags.
-    > You can assign multiple scope tags to a role.
+    > If a device is assigned multiple scope tags through group assignment, all scope tags will apply.
 
 ## To assign a scope tag to a role
 

memdocs/intune/remote-actions/device-passcode-reset.md

@@ -87,7 +87,7 @@ Instead of being reset, passcodes are removed from iOS/iPadOS devices. If there'
 
 ## Troubleshooting remote lock failures
 If the remote lock action failed, validate that the following have been correctly configured:
-- If the remote lock action failed on an Android (AOSP) device, confirm that you have a device passcode policy assigned to the device. If the device does not have a device passccode assigned, the remote lock action will not succeed.
+- If the remote lock action failed on an Android (AOSP) device, confirm that you have a device passcode policy assigned to the device. If the device does not have a device passcode assigned, the remote lock action will not succeed.
 
 ## Next steps
 

memdocs/intune/remote-actions/devices-wipe.md

@@ -61,7 +61,7 @@ A wipe is useful for resetting a device before you give the device to a new user
 2. Select **Devices** > **All devices**.
 3. Select the name of the device that you want to wipe.
 4. In the pane that shows the device name, select **Wipe**.
-5. For Windows 10 version 1709 or later, you also have the **Wipe device, but keep enrollment state and associated user account** option.
+5. For Windows 10 version 1709 or later, you also have the **Wipe device, but keep enrollment state and associated user account** option. If this option is selected, the following will apply:
 
     |Retained during a wipe |Not retained|
     | -------------|------------|

windows-365/enterprise/cloud-pc-size-recommendations.md

@@ -7,7 +7,7 @@ keywords:
 author: ErikjeMS  
 ms.author: erikje
 manager: dougeby
-ms.date: 08/02/2021
+ms.date: 07/12/2022
 ms.topic: overview
 ms.service: cloudpc
 ms.subservice:
@@ -38,13 +38,13 @@ For information about end-user hardware requirements, see [End-user hardware req
 
 This table shows examples of the different sizes available for a Cloud PC:
 
-| Cloud PC CPUs, RAM, and storage | Example scenarios | Recommended gallery image | Recommended apps |
+| Cloud PC CPUs, RAM, and storage | Example scenarios | Recommended apps |
 | --- | --- | --- | --- |
-| 1vCPU/2GB/64GB\* | Firstline workers, call centers, education/training/CRM access.  | Windows 10 Enterprise with OS Optimizations  | Office (web-based), Microsoft Edge, OneDrive, lightweight line-of-business app (call center application – web-apps), Defender support. |
-| 2vCPU/4GB/256GB<br>2vCPU/4GB/128GB<br>2vCPU/4GB/64GB  | Mergers and acquisition, short-term and seasonal, customer services  | Windows 10/11 Enterprise with Microsoft 365 and Teams | Microsoft 365 Apps, Microsoft Teams (Audio only),  OneDrive, Adobe Reader, Edge, line-of-business apps, Defender support. |
-| 2vCPU/8GB/256GB<br>2vCPU/8GB/128GB | Bring-your-own-PC, work from home, market researchers, government, consultants. | Windows 10/11 Enterprise with Microsoft 365 and Teams | Microsoft 365 Apps, Microsoft Teams, Outlook, Excel, Access, PowerPoint, OneDrive, Adobe Reader, Edge, line-of-business apps, Defender support. |
-| 4vCPU/16GB/512GB<br>4vCPU/16GB/256GB<br>4vCPU/16GB/128GB | Finance, government, consultants, healthcare services, bring-your-own-PC, work from home. | Windows 10/11 Enterprise with Microsoft 365 and Teams | Microsoft 365 Apps, Microsoft Teams, Outlook, Excel, Access, PowerPoint, Power BI, Dynamics 365, OneDrive, Adobe Reader, Edge, line-of-business app, Defender support. |
-| 8vCPU/32GB/512GB<br>8vCPU/32GB/256GB<br>8vCPU/32GB/128GB | Software developers, engineers, content creators, design and engineering workstations. | Windows 10/11 Enterprise with Microsoft 365 and Teams | Microsoft 365 Apps, Microsoft Teams, Outlook, Access, OneDrive, Adobe Reader, Edge, Power BI, Visual Studio Code, virtualization-based workloads: Hyper-V, Windows Subsystem for Linux (WSL), line-of-business apps, and Defender support. |
+| 1vCPU/2GB/64GB\* | Firstline workers, call centers, education/training/CRM access.  | Office (web-based), Microsoft Edge, OneDrive, lightweight line-of-business app (call center application – web-apps), Defender support. |
+| 2vCPU/4GB/256GB<br>2vCPU/4GB/128GB<br>2vCPU/4GB/64GB  | Mergers and acquisition, short-term and seasonal, customer services  | Microsoft 365 Apps, Microsoft Teams (Audio only),  OneDrive, Adobe Reader, Edge, line-of-business apps, Defender support. |
+| 2vCPU/8GB/256GB<br>2vCPU/8GB/128GB | Bring-your-own-PC, work from home, market researchers, government, consultants. | Microsoft 365 Apps, Microsoft Teams, Outlook, Excel, Access, PowerPoint, OneDrive, Adobe Reader, Edge, line-of-business apps, Defender support. |
+| 4vCPU/16GB/512GB<br>4vCPU/16GB/256GB<br>4vCPU/16GB/128GB | Finance, government, consultants, healthcare services, bring-your-own-PC, work from home. | Microsoft 365 Apps, Microsoft Teams, Outlook, Excel, Access, PowerPoint, Power BI, Dynamics 365, OneDrive, Adobe Reader, Edge, line-of-business app, Defender support. |
+| 8vCPU/32GB/512GB<br>8vCPU/32GB/256GB<br>8vCPU/32GB/128GB | Software developers, engineers, content creators, design and engineering workstations. | Microsoft 365 Apps, Microsoft Teams, Outlook, Access, OneDrive, Adobe Reader, Edge, Power BI, Visual Studio Code, virtualization-based workloads: Hyper-V, Windows Subsystem for Linux (WSL), line-of-business apps, and Defender support. |
 
 \* The 1vCPU option is being retired. Instead, we recommend the 2vCPU as the minimum configuration for new purchases.
 

windows-365/enterprise/device-images.md

@@ -7,7 +7,7 @@ keywords:
 author: ErikjeMS 
 ms.author: erikje
 manager: dougeby
-ms.date: 06/02/2022
+ms.date: 07/12/2022
 ms.topic: overview
 ms.service: cloudpc
 ms.subservice:
@@ -71,17 +71,6 @@ There are two sets of images available to choose from across the different versi
   - UWP packages removed.
   - Task scheduler actions disabled.
 
-### Recommended image by license
-
-You can choose any image for any Windows 365 license. However, for optimal performance, the following recommendations apply:
-
-| Windows 365 license | Recommended gallery image |
-| --- | --- |
-| 2vCPU/4GB/64GB and above | Windows 10/11 Enterprise + Microsoft 365 Apps |
-| 1vCPU/2GB/64GB* | Windows 10 Enterprise + OS Optimizations |
-
-\* The 1vCPU option is being retired. Instead, we recommend the 2vCPU as the minimum configuration for new purchases.
-
 ### Gallery image update cycle
 
 All supported Windows 365 gallery images are updated monthly after the security patch release schedule of Windows Servicing & Delivery. This happens around the middle of each month.